Privacy Policy

Pemble (“we”, “us”, “our”) operates an anonymous Q&A and messaging service (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Information we collect

Account information you provide:

• Username, email address, and password (stored as a bcrypt hash — we never store your password in clear text).
• Optional display name, short bio, and profile theme preference.

Content you create:

• Public replies you post on your profile.
• Messages you send to other users (anonymous or not).
• Gifts you send or receive and any optional note you attach.
• Follow relationships you create.

Information for paid features (gifts, top-ups, verification):

• Top-up and verification requests include the payment method you used and a payment reference (for example, a transaction ID) that you enter manually.
• We do not collect or store credit-card numbers. Payments are processed outside the Service by third-party providers.

Technical information (website):

• A one-way SHA-256 hash of your IP address, stored with each message you submit from the website to deter abuse. The raw IP address is not stored alongside individual messages.
• A strictly necessary session cookie (PHPSESSID) used to keep you signed in.
• Standard web-server access logs, retained for a short period for security and debugging.

Mobile app diagnostics (iOS and Android):

When you sign in to our mobile app, we collect a small set of device and environment fields to help our support team diagnose problems you report and to monitor app health (for example, which app versions are still running on which OS versions). The following are collected on each app launch:

• An “install ID” that we generate on the device the first time you open the app. It is a random identifier; it does not include any hardware serial number, advertising ID (IDFA / GAID), IMEI, MAC address, or other persistent device identifier. It resets if you reinstall the app.
• Platform (iOS or Android).
• Operating system name and version (for example, “iOS 17.5” or “Android 14”).
• Device model and manufacturer (for example, “Apple iPhone15,3” or “Google Pixel 7”).
• The device name you have set in your operating system settings, where the platform exposes it (for example, “Sako’s iPhone”). This is the same name you see in your device settings; we do not derive it from your account.
• App version and build number.
• Locale (language/region) and time zone reported by the operating system.
• Your IP address at the time of the most recent app launch. We retain this raw IP only on the diagnostic record for the device, not against individual messages.
• The timestamps when this device first signed in and when it was last seen.

We use this data only for customer support, debugging, security, and release health. We do not use it for advertising and do not share it with advertisers or analytics brokers. The diagnostic record is automatically deleted when you delete your account, and individual records are pruned after long periods of inactivity.

What we do not collect on mobile: we do not collect your contacts, calendar, photo library (other than the single image you choose when you change your avatar), microphone audio, precise location, advertising identifier (IDFA on iOS, Advertising ID on Android), IMEI, MAC address, ICCID, or hardware serial number.

2. How we use information

• To provide the Service — deliver your messages, show your profile, and process gift and top-up requests.
• To keep the Service safe — prevent spam, fraud, and abuse, and enforce our Terms of Service.
• To diagnose problems and provide customer support — the mobile app diagnostic fields described above let our support team understand which device, OS version, and app version you were using when an issue occurred.
• To monitor app health — aggregate counts of OS and app versions help us decide which platforms still need bug fixes or backwards-compatibility shims.
• To communicate with you about account issues or changes to these policies.

3. Legal bases (for users in the EU / UK)

• Performance of a contract — to provide the Service you signed up for.
• Legitimate interests — to prevent abuse and operate the Service securely.
• Consent — where required by law.

4. How we share information

Public by design. Your username, display name, bio, theme, published replies, follower counts, and the list of accounts you follow are public and visible to anyone who visits your profile.

We do not sell your personal information.

Service providers. Our hosting provider has incidental access to the data necessary to operate the Service (for example, database backups).

Legal requirements. We may disclose information when required to do so by law, or when reasonably necessary to protect users from harm.

5. Cookies

We use a single session cookie (PHPSESSID) that is strictly necessary to keep you signed in. We do not use advertising cookies, analytics cookies, or third-party trackers.

6. Data retention

• Account data is retained for as long as your account is active.
• When you delete your account (Settings → Delete account), the account is marked inactive immediately: you can no longer sign in, your profile becomes unavailable to other users, and others cannot send you messages.
• Published replies you created before deletion may remain on the Service unless you deleted them individually. Historical messages are retained for abuse-prevention purposes.
• Mobile-app diagnostic records (the fields listed under “Mobile app diagnostics” above, including the IP captured at last app launch) are linked to your account and are deleted automatically when your account is deleted. Records that have not been seen for a long period of inactivity are also pruned.

7. Your rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate data (most fields can be edited in Settings).
• Delete your account (available in Settings).
• Object to or restrict processing of your information.
• Receive a portable copy of your data.

To exercise any of these rights, contact us at support@pemble.krd.

8. Security

• Passwords are hashed using bcrypt (PHP PASSWORD_DEFAULT).
• All forms are protected against CSRF with per-session tokens.
• Data is transmitted over HTTPS in production.

No system is perfectly secure. Please choose a strong, unique password.

9. Children’s privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, contact us at support@pemble.krd and we will remove it.

10. International transfers

Our servers may be located outside your country of residence. By using the Service you acknowledge that your information may be processed in those locations.

11. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent change. Material changes will be announced on the Service.

12. Contact

For questions about this Privacy Policy, email support@pemble.krd.